YVR is made up of a team of diverse people who are working collaboratively to Connect BC proudly to the World. Safety is at the core of everything we do; we’re innovative, fun, and we invest in our people. We’re a BC Top Employer for 14 years standing, with high engagement scores, an abundance of learning and development opportunities, and a holistic approach to wellness! And we’re looking for someone to join our team.
As one of Canada’s Best Diversity Employers, Vancouver Airport Authority strives for a workplace that reflects the diversity of the communities we serve. We support the Employment Equity Act and take measures to ensure fair employment practices and treatment of employees across our organization. We welcome applications from all qualified candidates, including women, Aboriginal peoples, persons with disabilities and members of visible minorities. We encourage applicants to self-identify with a designated group(s) to support our team in filling gaps in areas where we can be more diverse. We are also happy to provide reasonable accommodations throughout the selection process and while working at YVR. If you require support applying online because you are a person with a disability, please contact us at 604-303-3152 or email@example.com. Check out the reasons that make us a Top Employer at: https://canadastop100.com/bc/.
We have a permanent, full-time opportunity for an Information Security Specialist in the Innovation and Technology Group. The successful candidate will be a security advocate with IT teams, business stakeholders and end users to design, integrate, and advance Information Security in alignment with the Airport Authority’s business objectives while meeting its compliance, legal and regulatory requirements.
Reporting to the Manager, Technology Services (Cyber Security), the Information Security Specialist will be responsible for providing oversight, support, and guidance to ensure that YVR’s technical infrastructure and applications meet and/or exceed the defined security policies.
Key responsibilities include:
- Provide technical support and system administration on various security technology such as security information event monitoring (SIEM), vulnerability management, privilege access management, data protection platforms and multi-factor authentication
- Monitor and analyze technical security controls to detect, report and remediate security incidents
- Serve as internal technical point of contact with external managed security monitoring service in incident handling response for information security incidents
- Assist in the management of our Managed Security Services vendor to established contractual and compliance requirements for security monitoring
- Providing on-call support on a scheduled basis to ensure that any high severity security incidents are resolved in the most expedited manner
- Participate in change advisory board to review and evaluate planned technology changes in terms of information security risks
- Manage, conduct and optimize vulnerability scans and infrastructure. Assess and provide data with recommendations and see to completion for monthly patching to mitigate/remediate organizational risk
- Research and track information about current security threats, potential vulnerabilities from trusted news sources/external feeds to develop communication plans and/or programs to raise awareness and assess overall enterprise risk exposure as well initiate remediation/mitigation
- Collect, generate, monitor and analyze IT operations security metrics to measure the effectiveness of the IT security management processes
- Assist in security technical planning, assessment and implementation
- Assist in regularly assessing the strength of YVR’s IT security governance and current processes, procedures and technical controls against NIST 800-53, PCI-DSS and industry best practices for Information Security. Propose, develop and implement projects and initiatives to remediate control gaps to reduce overall enterprise risk
- Assist with security reviews and provide technical security guidance for new IT projects involving the planning, design and/or architecture of new or existing internal, cloud, co-located IT infrastructure and vendor managed services
Key qualifications include:
- BSc in Computer Science or similar bachelor’s degree in a related field with a minimum of 5+ years equivalent of Information Security work experience; or an equivalent combination of training and experience
- Professional Information Security certifications such as Certified Information Systems Security Professional (CISSP), or GIAC Security Essentials (GSEC) are an asset and preferred
- 5+ years’ experience with security related appliances such as firewalls, SIEM, IPS, PAM, 2FA, proxy servers with a broad technical knowledge of enterprise-class network and operating system platforms
- Strong leadership and organizational skills, proven by on-time, on-budget delivery of complex, multidisciplinary projects
- Knowledge of security, privacy and IT governance frameworks and legislation, such as NIST 800-53, ISO27001, PCI-DSS, privacy legislation
- Excellent written, verbal and interpersonal skills
- Excellent analytical skills and attention to detail
- Proven team player
- Resourcefulness to produce high quality results without supervision and direction
- Ability to manage priorities under tight deadlines
This position is open to both Vancouver Airport Authority employees and external candidates. Previous job performance will be taken into consideration for all internal candidates that apply for this position.
Applicants may apply directly at https://www.yvr.ca/en/passengers/careers/current-opportunities